MOBILE APP PRIVACY POLICY

The Espresso Room mobile application is owned and operated by The

Espresso Room Company, who are the controller of all stored data.

PepperHQ Ltd operate as a processor of data for The Espresso Room App.

This policy, together with our MOBILE APP TERMS OF USE, explain how we

may use information we collect about you, as well as your rights over

any personal information we hold about you. Please read this policy

and our MOBILE TERMS OF USE carefully.

Information we collect about you through The Espresso Room App.

We collect information about you when you:

- register to use The Espresso Room App;

- attempt to check in to one of our stores;

- register your debit or credit card details;

- upload a profile photo, and

- use the payments facility in The Espresso Room App to pay for your purchase.

This information is collected, stored and processed under Article 6(1)

(b) of the GDPR, “processing is necessary for the performance of a

contract to which the data subject is party or in order to take steps

at the request of the data subject prior to entering into a contract”

i.e. We need this data for you to be able to use the App for its primary purposes.

Using your information

Collecting personal information in The Espresso Room App (name, email

address, date of birth) helps us to better understand what you need from us.

We use your information to:

- improve the functionality and performance of The Espresso Room App;

- personalise our services to you;

- tell you about important changes to The Espresso Room App and related services and

- manage promotions, competitions, customer surveys and questionnaires.

Your personal information is safe with us and will never be released

to third party companies for marketing purposes.

The Espresso Room App captures your geographic location when you

attempt to “check in” to one of our stores. We do this to identify

which store you are in or near to allow you to pay using The Espresso

Room App, and to provide an enhanced visitor experience (for example,

through digital loyalty cards). We will only capture this information

with your consent. The Espresso Room App also captures basic usage

metrics to help us identify any problems and to make improvements in

the future. These metrics also help us understand how people use The

Espresso Room App and how many people use the different functions within The Espresso Room App.

Your contact details and personal information may be used to send

direct marketing messages to you via your contact details provided.

This is done only with your explicit consent, which can be withdrawn

at any time from the “MyAccount” options within the app. You may

refuse consent for marketing messages without detriment to any other

areas of functionality within the app.

Information We Capture-

Geographic location

We provide enhanced store visit experiences when you choose to “check

in” to one of our stores and allow you to pay using The Espresso Room

App. You may prevent The Espresso Room App from accessing your

device’s location services, or turn off the location services of your

Mobile Device. Doing so will impact the capability of The Espresso

Room App and prevent you from enjoying an enhanced experience.

Data you share with us (Including information you give us when signing

up, and information which is shared automatically, such as Device ID,

and IP address)

We use this data to log you in to The Espresso Room App and it helps

us understand our customers better and present you with appropriate

offers and promotions Your data is stored in an encrypted database and

transferred over a secure network connection. You decide which data

you do and do not share with us. If you ask us to, we will update,

correct or delete any data which you give to us.

Data you share with us if you log on through Facebook (Including your

gender, date of birth, profile photo)

We use this data to log you in to The Espresso Room App, and it helps

us understand our customers better and potentially present you with

offers and promotions Your data is stored in an encrypted database and

transferred over a secure network connection You decide which data you

do and do not share with us. If you ask us to, we will update, correct

or delete any data which you give to us.

Card details

Your card details are not stored on The Espresso Room App and they are

only used in accordance with your top-up instructions. Your card

details are stored with our payment gateway partner - Judo Pay - who

are a Level 1 certified PCI-DSS Service Provider. You do not have to

use the payments facility within The Espresso Room App to pay for your

purchase

Your profile photo

Your profile photo is used in store to verify your identity If you ask

us to, we will update, correct or delete your profile photo. However,

you must have a profile photo if you wish to use The Espresso Room App

to pay for your purchases in-store.

Your purchase history

We use your purchase history to provide personalised offers and

analyse which products and rewards are most likely to interest you.

Data storage, protection and your right to access and erasure

Your data is stored in an encrypted database and transferred over

secure network connections. We will store your information for as long

as your account exists in The Espresso Room App. If your user account

is entirely inactive for a period of 12 months or more, we will delete

your account. If you ask us to, or if you delete your account, we will

delete the information linked to your account which can identify you

personally, including your profile photo and personal details.

You may ask us, at any time, to provide to you confirmation that your

data is being processed and access to your personal data. This will

generally be provided within 7-21 working days.

Marketing and research

If you agree, we may contact you:

- with offers and information about The Espresso Room products or

services.

- for customer research, e.g. to help improve our service.

You can ask us to stop contacting you for marketing and/or research

purposes by following the instructions in any such communication or by

emailing us at info@theespressoroom.co.uk.

Disclosing your information

We will never disclose your information to anyone outside of The

Espresso Room except:

- Where we have your consent

- Where we are required or permitted to do so by law

- To other companies who provide a service to us as a processor under

the terms of this privacy policy

- To any successors in title to our business.

If we ever transfer your personal information to countries outside the

European Economic Area we will ensure that appropriate security

measures are taken.

Accessing your information

To obtain a copy of the information we hold about you, email us at

info@theespressoroom.co.uk. Please confirm any details to help us

identify and locate your information. If any of the details are

incorrect, let us know and we will amend them.

Changes to our policy

This policy replaces all previous versions and is correct as of May

2018.

We reserve the right to change the policy at any time.

Contacting us

If you have any queries, please contact us at

info@theespressoroom.co.uk