Privacy Policy

Last updated: March 2026

1. Introduction

Welcome to Fourways Coffee LTD ("we", "us", or "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website www.fourways.coffee or purchase from us.

We are a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered address is 3rd floor, 86-90 Paul Street, London, EC2A 4NE, United Kingdom.

If you have any questions, contact us at info@fourways.coffee

2. What Data We Collect

We may collect and process the following personal data:

• Identity data: name, username or similar identifier
• Contact data: email address, phone number, delivery and billing address
• Transaction data: details of products you have purchased from us
• Financial data: payment card details (processed securely via our payment provider — we do not store card details ourselves)
• Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system, and other technology on the devices you use to access our website
• Usage data: information about how you use our website and products
• Marketing and communications data: your preferences for receiving marketing from us

3. How We Collect Your Data

We collect data in the following ways:

• Directly from you when you place an order, create an account, sign up to our mailing list, contact us, or fill in a form on our website
• Automatically via cookies and similar tracking technologies as you browse our website
• From third parties such as analytics providers (e.g. Google Analytics) and payment processors

4. How We Use Your Data

We will only use your personal data where we have a lawful basis to do so. We use your data to:

• Process and fulfil your orders, including managing payments and deliveries
• Create and manage your account
• Send you order confirmations and updates
• Respond to your enquiries or complaints
• Send you marketing communications (only with your consent, or where we have a legitimate interest as an existing customer)
• Improve our website, products, and services
• Comply with legal and regulatory obligations

5. Marketing

We will only send you marketing emails or messages if you have opted in, or if you are an existing customer and we are promoting similar products (soft opt-in). You can unsubscribe at any time by clicking the unsubscribe link in any of our emails or by contacting us directly.

We do not sell your data to third parties for marketing purposes.

6. Cookies

We do not currently use any cookies on our website.

7. Sharing Your Data

We may share your personal data with trusted third parties, including:

• Payment processors (e.g. Stripe, PayPal) to handle transactions securely
• Delivery and logistics providers to fulfil your orders
• Email marketing platforms (e.g. Mailchimp, Klaviyo) to manage communications
• Website analytics providers (e.g. Google Analytics)
• IT and system administration providers

All third parties are required to respect the security of your data and to treat it in accordance with the law. We do not allow them to use your data for their own purposes.

8. International Transfers

Some of our third-party providers may be based outside the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as UK-approved standard contractual clauses or adequacy decisions.

9. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. Typically, we retain customer order data for six years in line with HMRC requirements.

10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Access — request a copy of the data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your data in certain circumstances
• Restriction — request that we limit how we use your data
• Portability — request a copy of your data in a machine-readable format
• Object — object to our processing of your data, including for direct marketing
• Withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at [email address]. We will respond within one calendar month.

11. How We Protect Your Data

We have appropriate technical and organisational measures in place to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed without authorisation. Access to your personal data is restricted to those with a business need to know.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to read their privacy policies before providing any personal data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, and we will notify you of any significant changes.

14. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority:

• Website: ico.org.uk
• Helpline: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO, so please reach out to us first.