Our Commitment to Your Privacy

Safeguarding your information, so you can relax and enjoy your visit.

At The Daily Grind & Bean Co., we are deeply committed to respecting and protecting your privacy. As a beloved coffee house in the heart of Piccadilly Circus, we understand the trust you place in us when you share your personal information. Our privacy policy is designed to be transparent, clear, and fully compliant with all applicable UK and EU data protection regulations, including the General Data Protection Regulation (GDPR).

This policy outlines how we collect, use, and safeguard your data, ensuring that your experience with us, whether in our café or online, is secure and enjoyable. We believe in empowering you with control over your personal information.

Last updated: 15 October 2023. This policy is reviewed annually or as required by regulatory changes.

For any questions or concerns regarding our privacy practices, please do not hesitate to contact our Data Protection Officer at [email protected].

What Information We Collect and Why

When you visit The Daily Grind & Bean Co., we collect transactional data related to your purchases (e.g., items bought, total spend, time of visit) to process your order, manage loyalty programs (if opted in), and understand popular menu items. We do not store sensitive payment card details on our systems; these are processed securely by third-party payment gateways compliant with PCI DSS standards.

When you interact with our website, sign up for our newsletter, or book events, we may collect personal identifiers such as your name, email address, phone number, and any preferences you share. This information allows us to send you updates, manage your bookings, and personalize your communication preferences. We use standard web analytics tools to understand website traffic and improve user experience, collecting anonymized data where possible.

For event bookings or mobile catering services, we collect necessary contact details, event specifics (date, time, location), guest counts, and any dietary requirements to facilitate seamless service delivery. This data is used solely for the purpose of fulfilling our contractual obligations and ensuring your event is a success.
Every digital interaction is handled with care and respect for your data.

Your Rights and Data Control

Under the GDPR, you have significant rights regarding your personal data. We are committed to helping you exercise these rights effectively.

  • Right to Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Rectification: You can ask us to correct or update any inaccurate or incomplete personal information.
  • Right to Erasure ('Right to be Forgotten'): In certain circumstances, you can request that we delete or remove your personal data from our systems.
  • Right to Restrict Processing: You have the right to 'block' or suppress the processing of your personal data.
  • Right to Object: You can object to the processing of your data in certain situations, particularly for direct marketing.
  • Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes across different services.

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within one month, in compliance with GDPR guidelines.

Empowering you with full control over your personal data.

How We Protect Your Information

The security of your personal information is paramount to us. We employ a multi-layered approach to protect your data from unauthorized access, alteration, disclosure, or destruction.

Technical Security

We utilize encryption (SSL/TLS) for data in transit, secure servers, and robust firewalls to protect our digital infrastructure. Regular vulnerability assessments and penetration testing are conducted.

Staff Training & Access

All our staff undergo mandatory data protection and privacy training. Access to personal data is strictly limited to those who require it to perform their duties, based on the principle of least privilege.

Trusted Partnerships

We carefully vet all third-party service providers (e.g., payment processors, CRM systems) to ensure they meet our stringent security and privacy standards and comply with GDPR.

Our robust security measures ensure your data is always safe with us.

In the unlikely event of a data breach, we have clear incident response procedures in place, ensuring prompt investigation, mitigation, and notification to affected individuals and regulatory authorities as required by law.