Cosi Living®
Privacy Policy
At Cosi Living, data protection and data security when using our website and services are very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.
Background
This Privacy Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum, to make sure you understand the information provided. However, to achieve this objective we would like to explain you the following concepts.
a) What is Personal Data?
Personal Data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute Personal Data.
b) What is Processing?
"Processing" means and covers virtually any handling of data.
c) What law applies?
In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular the UK`s Data Protection Act 2018 (“DPA”) and the General Data Protection Regulation (“GDPR”).
d) Who is responsible for data processing?
The responsible party within the meaning of the DPA and the GDPR is Cosi Living of 25 Goodlass Road, Speke, Liverpool, L25 9HJ (“Cosi Living”, “we”, “us”, or “our”). If you have any questions or if you wish to exercise your rights under the DPA or GDPR, please contact us using info@getcosi.co.uk, or call 0151 380 0324 or write to us at the above address.
General Principles
a) Purpose and legal basis of processing
In accordance with the DPA and GDPR we need to have both a purpose and a legal basis to process Personal Data. The purposes are:
providing the website and shop and their functions and contents,
responding to contact requests and communicating with our customers,
providing our services, and
security measures.
Of course, we can only do that if we have at least one of the following legal bases or in other words lawful reasons to do so. Unless specifically described below, we typically link the above purposes to one of the following:
consent,
to fulfil our services and carry out contractual obligations,
to fulfil our legal obligations, and
to protect our legitimate interests.
b) Categories of data subjects and types of data processed
During the course of using our website and services, we process the following types of data from visitors and users:
inventory data,
contact data,
content data,
contract data,
usage data, and
meta/communication data.
c) Purpose of the processing
The Purpose of processing personal information are:
provision of the website, its functions, and contents,
responding to contact requests and communicating with users,
security measures,
provision of our contractual services, and
reach measurement/marketing.
d) Security
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organisational measures”) for example encryption or need to know access, to ensure the most complete protection of Personal Data processed through this website.
Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion.
Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.
e) Retention and Storage
We retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy, and in accordance with the UK’s Statutory Retention Periods and other applicable laws for up to 6 years.
f) Minors
We do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.
g) Automated decision-making
Automated decision-making including profiling does not take place.
h) Do Not Sell
We do not sell your Personal Data.
i) Special Category Data
Unless specifically required and consent is obtained, for a particular service, we do not process special category data.
Data we collect automatically
a) Log files
When you visit our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file. This includes:
IP address of the requesting computer,
Date and time of access,
name and URL of the file accessed,
website from which the access was made (referrer URL),
browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The processing of the aforementioned data is necessary for the provision of a website and thus serves to protect our legitimate interest.
b) Cookies
We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.
Data we collect directly
We may ask you for Personal Data when you:
use our website,
request services, support, or information,
participate online or otherwise in marketing activities,
interact with us on third-party social networking sites (subject to the terms of use and privacy policies of said third parties), or
contact us.
Categories of Personal Data we collect may include your name, email address, phone number and IP addresses. We may also collect data about your Business such as Business name and contact details as well as demographic data such your interests, and preferences.
In the context of a contact request on our website, in addition to your enquiry you may also disclose your name, e-mail. telephone number and the type of services required.
We are also present on social media and if you contact us via social media platforms, we and the relevant platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement.
We process the data of our service users in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop it further. This includes in particular our support, correspondence with you, invoicing, fulfilment of our accounting and tax obligations. Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as to fulfil our legal obligations.
Some of the data you choose to provide may be considered non-Personal Data and/or “special” or “sensitive” in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data.
Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us.
Unless otherwise specified the purposes of processing are contractual performance and service, contact requests and communication, office and organisational procedures, administration, and response to requests, visit action evaluation.
The legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations as well as your consent. You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us using info@getcosi.co.uk, or call 0151 380 0324 or write to us at the above address..
Data from third party sources
We may obtain data about you from third-party sources, such as our marketing partners, social networks, and other third parties. We may use this data to better analyse your user behaviour to improve our ability to provide you with relevant marketing information and services, and to prevent and combat fraud. The legal basis for the data processing is our legitimate interest.
Disclosure, Sharing and Transfer
a) Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). To that extent we also use the services of Company for Life ltd. for the Property Management System COHO and to send Mailings and notifications we use Mailchimp by Intuit Inc. In both cases we remain responsible for data processing and have entered into the relevant processing agreements.
b) Marketing
Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to. You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us using info@getcosi.co.uk, or call 0151 380 0324 or write to us at the above address.
c) International Transfer
In the course of our website operation, we process data. We usually do not transfer Personal Data to countries outside the UK and the EEA. However, if we do, we ensure that processing of your Personal Data is governed by Processing Agreements that include Standard Contractual Clauses to ensure a high level of data protection.
d) Disclosure
We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services, b) you have consented to the disclosure, c) or if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or other legal proceedings; as required by law or regulation; if Cosi Living (or a part of Cosi Living) is sold to or merged with another company; or proceedings at home or abroad or to fulfil our legitimate interests.
Your Rights and Privileges
a) Privacy rights
Under the DPA and GDPR, you can exercise the following rights:
Right to information
Right to rectification
Right to object to processing
Right to deletion
Right to data portability
Right of objection
Right to withdraw consent
Right to complain to a supervisory authority
Right not to be subject to a decision based solely on automated processing.
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to request the erasure or rectification of Personal Data we hold about you, or to exercise any of your other rights as a data subject, please contact us.
b) Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
c) Withdrawing your consent
You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
d) Access Request
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will let you know in writing within thirty (30). If we are unable to comply with your request, we will tell you why (except where we are not required to do so under the respective legal regulations mentioned above).
e) Complaint to a supervisory authority
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The supervisory authority in the UK is: The Information Commissioner`s Office (ICO) is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK www.ico.org.uk.
Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
Children Data
Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us, and we take the necessary steps to remove that information from our server.
Changes and Updates
Since changes in the law or in our internal company processes may make it necessary to adapt this Privacy Policy from time to time, we ask you to read this Privacy Policy regularly.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us using info@getcosi.co.uk, or call 0151 380 0324 or write to us at the above address.
This Privacy Policy was last updated on Saturday, 4 May 2023.
