Privacy Policy

PRIVACY POLICY

We hope you will enjoy using the Caravela website (our “website”) and we want to make sure your experience is as safe and useful as possible.  Here you can find out how our website works, what data we collect from you, how we use it, circumstances where we may disclose this data to others and how we keep it secure.  By using our website and providing your personal information you agree to be bound by the terms of this policy.

Caravela is made up of different legal entities. This privacy notice is issued on behalf of the group so when we mention Caravela, Limited “we“, “us” or “our” in this privacy notice, we are referring to the relevant company in the group responsible for processing your data. Caravela Limited (03996686) is the controller and responsible for this website.

Caravela takes the issue of security and data protection very seriously and strictly adheres to applicable data protection legislation.  We are data controller of any personal data that you provide us.

Any questions relating to this policy and our privacy practices should be sent to gdpr@caravela.coffee

How we collect information from you and what information we collect

We collect personal information when you use our website and personal information that you give us by filling in our newsletter signup and using our website.

We collect the following personal information about you:

• Name, e-mail address, telephone, job title and organisation;
• your IP address and clicks on our website from your use of our online services.

Why we need this information about you

We use the information we collect about you:

• to help us with understanding more about how our site is used;
• to be able to send you communications that may be of interest to you, either electronically or otherwise; and
• for all other purposes consistent with the proper performance of our operations.

Marketing

It is your choice whether you receive information such as marketing from us.  If you indicated that you are interested in receiving regular information about our activities, we will send you communications electronically. In addition, we may send you direct mail that we feel may be of interest to you.  We will not contact you for marketing purposes unless you have given your prior consent. If, at any time, you no longer wish to receive this information, please send a written request to gdpr@caravela.coffee

Also, all of our email marketing correspondence gives you the option to opt-out of receiving further marketing emails. Please note that you will still receive emails directly related to an enquiry you have submitted via our contact form.

How we use Cookies

We use cookies, pixels and tags (collectively “Cookies”) on our website in order to help improve our website and provide you with a more personalised web service.

Cookies are small text files, placed on your hard disk by a web page server. They are uniquely assigned to you, and can only be read by a web server in the domain that issued the Cookie to you.

We use encrypted information gathered from Cookies to improve your online experience with us.

We use per session Cookies which are deleted when you leave our website.  They help keep track of your progress so you don’t have to enter the same information more than once. More specifically we use the following Cookies which carry out the functions described:

• __utma – This is a Google Analytics cookie and tracks the number of times you have visited our website.
• __utmb and __utmc – This is another Google Analytics cookie and acts to calculate how long you have spent on our website in each session.
• __utmz – This Google Analytics cookie tracks what search engine you have visited the site from and which search terms you used to find our website.
• ATU_VC and ATU_VS– These cookies are used by AddThis which integrates websites to social networks to facilitate the sharing of content via social networks
• Pum1356 / pum1349 – these are pop ups used for subscription to our newsletter
• _gat_gtag_UA101769488_2 – this is the tracking code for Google Analytics

You agree that the Cookies listed above can be enabled while you use our website. In the event that you reject our cookie policy all Cookies will be disabled with the exception of necessary Cookies which are required for the website to run, however, these to not store or use any personal information.

Data Security

Please be aware that the transmission of information via the internet is not always completely secure. Although we will do our best to protect your personal data, we cannot guarantee the complete security of your data transmitted to us electronically; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to restrict unauthorised access.

Sharing of your information

The information you provide to us will be treated by us as confidential and will be processed only by our employees. We may disclose your information to other third parties who act for us for the purposes set out in this notice or for purposes approved by you, including to suppliers who provide pay roll, accountancy and cloud computing services.

We may share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data. All group companies will respect the security of your data and to treat it in accordance with the law.

Transfers outside the EEA

We share your personal data within our group. This may involve transferring your data outside the European Economic Area (EEA). Many of our external third parties are based outside the EEA so their processing of your personal data will also involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

If you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact gdpr@caravela.coffee.

How long we will keep your information

We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law (we may be legally required to hold some types of information), or as set out in any relevant contract we have with you.

We will generally keep your information as long as is necessary to fulfil our obligations to you after which this will be destroyed if it is no longer required for the reasons it was obtained.

Your rights

You have the right at any time to:

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
• Withdraw your consent to the processing of your personal information at any time.

If you would like to exercise any of your rights above, please contact us at gdpr@caravela.coffee

You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information.

Changes to our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.